Increasingly enterprises are attempting to utilize existing technology to conduct business and affairs in a remote and more automated manner. For example, enterprises are now capable of deploying software services to remote facilities or customers over the Internet.
One problem with seamlessly providing services over a network is that each service or package of services that is to be deployed has to be pre-configured for the physical environment in which the service will be installed. That is, the target physical environment may have a specific operating system, a specific file system, etc., such that the deployed service requires pre-configuration before it can be distributed and deployed in an automated manner on the target environment. This custom and often manual configuration negates many of the benefits associated with automated service deployment.
Another more pressing problem arises with respect to security. Enterprises do not want to deploy services on rogue environments and do not want their deployed services to be compromised for purposes of proliferating viruses or other harmful effects within legitimate environments. By automating distribution and deployment of services, the services naturally become targets of nefarious individuals that seek to compromise the services or use the services to their illegal advantages in some manner.
Consequently, enterprises have attempted to use a variety of conventional techniques to minimize their exposure when deploying services over the Internet. For example, the services may include digital certificates, digital signatures, and/or may be encrypted. Yet, keys often used for security measures may themselves be exposed on a network wire during a transaction and if they are not they still can be discovered within the target physical environment in which they are used. So, if a target physical environment becomes compromised by an intruder, then the physical environment's keys can likewise be compromised, at which point the physical environment and any deployed services can also be potentially compromised.
Moreover, for some industries, such as the banking industry, the federal government has promulgated rules and regulations that dictate a certain degree of security measures must be used. Thus, enterprises are not only concerned with their reputation and potential civil liability for security breaches but they are also concerned with violating federally mandated laws.
Consequently, what was considered a very valuable business model for an enterprise has now become administration and maintenance problem. Further, the costs associated with administering and maintaining security are passed onto the consumer in the prices associated with an enterprise's software services.
Thus, what is needed is a mechanism, which allows for the secure deployment of services in a more automated and secured manner from what has been achievable with existing approaches.